Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2025-50073

    Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Container). Supported versions that are affected are 12.2.1.4.0, 14.1.1.0.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker ... Read more

    Affected Products : weblogic_server
    • Published: Jul. 15, 2025
    • Modified: Jul. 24, 2025
    • Vuln Type: Authentication

  • 4.0

    MEDIUM
    CVE-2025-50072

    Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0, 14.1.1.0.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with logo... Read more

    Affected Products : weblogic_server
    • Published: Jul. 15, 2025
    • Modified: Jul. 24, 2025
    • Vuln Type: Authentication

  • 8.2

    HIGH
    CVE-2024-54027

    A Use of Hard-coded Cryptographic Key vulnerability [CWE-321] in FortiSandbox version 4.4.6 and below, version 4.2.7 and below, version 4.0.5 and below, version 3.2.4 and below, version 3.1.5 and below, version 3.0.7 to 3.0.5 may allow a privileged attack... Read more

    Affected Products : fortisandbox
    • Published: Mar. 17, 2025
    • Modified: Jul. 24, 2025
    • Vuln Type: Cryptography

  • 5.3

    MEDIUM
    CVE-2021-32584

    An improper access control (CWE-284) vulnerability in FortiWLC version 8.6.0, version 8.5.3 and below, version 8.4.8 and below, version 8.3.3 and below, version 8.2.7 to 8.2.4, version 8.1.3 may allow an unauthenticated and remote attacker to access certa... Read more

    Affected Products : fortiwlc
    • Published: Mar. 17, 2025
    • Modified: Jul. 24, 2025
    • Vuln Type: Authorization

  • 6.1

    MEDIUM
    CVE-2021-26087

    An improper neutralization of input during web page generation in FortiWLC version 8.6.0, version 8.5.3 and below, version 8.4.8 and below, version 8.3.3 web interface may allow both authenticated remote attackers and non-authenticated attackers in the sa... Read more

    Affected Products : fortiwlc
    • Published: Mar. 17, 2025
    • Modified: Jul. 24, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.7

    MEDIUM
    CVE-2021-22126

    A use of hard-coded password vulnerability in FortiWLC version 8.5.2 and below, version 8.4.8 and below, version 8.3.3 to 8.3.2, version 8.2.7 to 8.2.6 may allow a local, authenticated attacker to connect to the managed Access Point (Meru AP and FortiAP-U... Read more

    Affected Products : fortiwlc
    • Published: Mar. 17, 2025
    • Modified: Jul. 24, 2025
    • Vuln Type: Authentication

  • 5.0

    MEDIUM
    CVE-2020-29010

    An exposure of sensitive information to an unauthorized actor vulnerability in FortiOS version 6.2.4 and below, version 6.0.10 and belowmay allow remote authenticated actors to read the SSL VPN events log entries of users in other VDOMs by executing "get... Read more

    Affected Products : fortios
    • Published: Mar. 17, 2025
    • Modified: Jul. 24, 2025
    • Vuln Type: Information Disclosure

  • 6.1

    MEDIUM
    CVE-2019-6697

    An Improper Neutralization of Input vulnerability affecting FortiGate version 6.2.0 through 6.2.1, 6.0.0 through 6.0.6 in the hostname parameter of a DHCP packet under DHCP monitor page may allow an unauthenticated attacker in the same network as the Fort... Read more

    Affected Products : fortios
    • Published: Mar. 17, 2025
    • Modified: Jul. 24, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2019-15706

    An improper neutralization of input during web page generation in the SSL VPN portal of FortiProxy version 2.0.0, version 1.2.9 and below and FortiOS version 6.2.1 and below, version 6.0.8 and below, version 5.6.12 may allow a remote authenticated attacke... Read more

    Affected Products : fortios fortiproxy
    • Published: Mar. 17, 2025
    • Modified: Jul. 24, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2024-55594

    An improper handling of syntactically invalid structure in Fortinet FortiWeb at least vesrions 7.4.0 through 7.4.6 and 7.2.0 through 7.2.10 and 7.0.0 through 7.0.10 allows attacker to execute unauthorized code or commands via HTTP/S crafted requests.... Read more

    Affected Products : fortiweb
    • Published: Mar. 14, 2025
    • Modified: Jul. 24, 2025
    • Vuln Type: Authentication

  • 7.2

    HIGH
    CVE-2022-29059

    An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] in FortiWeb version 7.0.1 and below, 6.4.2 and below, 6.3.20 and below, 6.2.7 and below may allow a privileged attacker to execute SQL commands ... Read more

    Affected Products : fortiweb
    • Published: Mar. 14, 2025
    • Modified: Jul. 24, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2024-26006

    An improper neutralization of input during web page Generation vulnerability [CWE-79] in FortiOS version 7.4.3 and below, version 7.2.7 and below, version 7.0.13 and below and FortiProxy version 7.4.3 and below, version 7.2.9 and below, version 7.0.16 and... Read more

    Affected Products : fortios fortiproxy
    • Published: Mar. 14, 2025
    • Modified: Jul. 24, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.7

    HIGH
    CVE-2024-33504

    A use of hard-coded cryptographic key to encrypt sensitive data vulnerability [CWE-321] in FortiManager 7.6.0 through 7.6.1, 7.4.0 through 7.4.5, 7.2.0 through 7.2.9, 7.0 all versions, 6.4 all versions may allow an attacker with JSON API access permission... Read more

    Affected Products : fortimanager fortimanager_cloud
    • Published: Feb. 11, 2025
    • Modified: Jul. 24, 2025
    • Vuln Type: Cryptography

  • 6.7

    MEDIUM
    CVE-2024-21758

    A stack-based buffer overflow in Fortinet FortiWeb versions 7.2.0 through 7.2.7, and 7.4.0 through 7.4.1 may allow a privileged user to execute arbitrary code via specially crafted CLI commands, provided the user is able to evade FortiWeb stack protection... Read more

    Affected Products : fortiweb
    • Published: Jan. 14, 2025
    • Modified: Jul. 24, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-22256

    A improper handling of insufficient permissions or privileges in Fortinet FortiPAM 1.4.0 through 1.4.1, 1.3.0, 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiSRA 1.4.0 through 1.4.1 allows attacker to improper access control via specially crafted H... Read more

    Affected Products : fortipam fortisra
    • Published: Jun. 10, 2025
    • Modified: Jul. 24, 2025
    • Vuln Type: Authorization

  • 3.2

    LOW
    CVE-2023-29184

    An incomplete cleanup vulnerability [CWE-459] in FortiOS 7.2 all versions and before & FortiProxy version 7.2.0 through 7.2.2 and before 7.0.8 allows a VDOM privileged attacker to add SSH key files on the system silently via crafted CLI requests.... Read more

    Affected Products : fortios fortiproxy
    • Published: Jun. 10, 2025
    • Modified: Jul. 24, 2025
    • Vuln Type: Misconfiguration

  • 7.2

    HIGH
    CVE-2024-46671

    An Incorrect User Management vulnerability [CWE-286] in FortiWeb version 7.6.2 and below, version 7.4.6 and below, version 7.2.10 and below, version 7.0.11 and below widgets dashboard may allow an authenticated attacker with at least read-only admin permi... Read more

    Affected Products : fortiweb
    • Published: Apr. 08, 2025
    • Modified: Jul. 24, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2021-24008

    An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiDDoS version 5.4.0, version 5.3.2 and below, version 5.2.0, version 5.1.0, version 5.0.0, version 4.7.0, version 4.6.0, version 4.5.0, version 4.... Read more

    • Published: Mar. 28, 2025
    • Modified: Jul. 24, 2025
    • Vuln Type: Information Disclosure

  • 9.8

    CRITICAL
    CVE-2023-25610

    A buffer underwrite ('buffer underflow') vulnerability in the administrative interface of Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.6, version 6.4.0 through 6.4.11 and version 6.2.12 and below, FortiProxy version 7.2.0 throug... Read more

    • Published: Mar. 24, 2025
    • Modified: Jul. 24, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-7234

    IrfanView CADImage Plugin CGM File Parsing Out-of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required t... Read more

    Affected Products : irfanview cadimage
    • Published: Jul. 21, 2025
    • Modified: Jul. 24, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 292768 Results